
So! Risk Consulting Services ! November 25, 2014

Posted by Ishmael Chibvuri in Latest Articles!!!.

DiGiRiSK Consulting >> http://www.digirisk.co.za >>

In a world of over-capacity and high competition, convergence, consolidation and new business models, organizations must take more risk to be profitable. Increasingly, management recognizes that the ability to take more risk than competitors and manage it effectively is a source of competitive advantage.

Moreover, in response to a number of risk events (which resulted in loss of reputation, shareholder value, sometimes loss of the enterprise, and loss to society and stakeholders) governance requirements are being established in more and more jurisdictions and industries. This requires that executive management and directors of the board ensure that their organization has identified and assessed its key risks.

With the benefit of hindsight, critics often believe that major risks and their consequences should have been anticipated, better managed, or avoided altogether.

Tough questions arise:

• Why didn’t we know sooner?
• Why didn’t somebody do something to prevent this?
• Where was management … the board … the audit committee?

At DiGiRiSK, we believe organizations would be wise to embrace a broader perspective of risk, a perspective that views business risks in the context of their relationship to change, opportunities, objectives, and controls; one that examines threats not only to financial performance and control but also to an organization’s strategies, business objectives, and reputation. Focusing on business risks from a broader perspective provides better insights into risk and its ramifications. Better insights should lead to better risk management, enhanced results, and fewer surprises.

Enterprise risk services help organizations develop a sustainable capability to proactively manage strategic and operational risk. We help implement self-assessment of risk and control, using proven methodologies, training, and software solutions. We independently diagnose the strategic exposure to risk and review the financing arrangements over insurable risk. We offer best practice in business risk management and systems of internal control to meet the increasing demands of corporate governance and regulation.

Our service offerings in the area of risk consulting include:

• Enterprise risk diagnostic
• Strategic risk assessment
• Operational risk assessment
• Financial risk assessment
• Regulatory compliance risk assessment
• Information technology risk assessment
• Risk and control self-assessment
• Control culture assessment
• Risk management S/W tools selection and implementation


Original Source : http://www.deloitte.com/view/en_GR/gr/services/enterprise-risk-services/risk-consulting-services/



10 Ways Companies Drive Away Talent February 7, 2014

Posted by Ishmael Chibvuri in Latest Articles!!!.

If there’s one word that’s almost certain to appear somewhere on every business’s website, that word is talent. Companies of every size love to talk about talent! They can talk about talent all day long.

It’s easy to talk about talent on a website or in a recruiting brochure. It’s easy to say “We value talent more than anything!”

Talk is cheap. Attracting talented people into an organization and hanging onto them — now that’s another story.

Most employers, sad to say, do a better job of driving talented people away than reeling them in, both during the selection process and after the talented person comes on board as a new employee. They don’t do it intentionally, of course. They can’t see how their systems, policies and attitudes frustrate and repel great people. It starts with the ugly and tedious, Black Hole processes by which new employees get hired.

Those Applicant Tracking Systems are horrible talent repellents, but most of their owners don’t know they serve the same function as massive, barking, teeth-bared attack dogs at the gate.

Fearful people who believe they don’t have any power in their job search will submit to those awful systems. Switched-on people with alternatives will quickly say “Yikes, I’m not sticking around here” and apply for a job somewhere else.

Once a newcomer starts the job, there are more talent repellents waiting. Some of them are cultural. Some of them are operational.

Here are our Top Ten favorite Talent Repellents — ten ways employers drive brilliant people away from their doors.


If your firm likes to talk about talent, first take a look at your company’s job ads. Most job ads do a better job of explaining what the candidate must have than of selling the job to a possible applicant! If your job ads don’t use a human voice and spend as much time selling the job as tossing around Essential Requirements, all the talent-talk is merely lip service. (Never seen a job ad with a human voice? Here’s one.)

BLACK HOLE RECRUITING PORTALS

If it takes a job-seeker an hour to complete all the mind-numbing fields in your Applicant Tracking System, the best people have already fled for greener pastures. If you’re a Recruiting Director or a curious CEO, ask your ATS vendor what the abandonment rate is on your recruiting site. How many people, in other words, start the process and then drop out of it? There’s your talent on the hoof, off to a friendlier welcome mat than you were able to lay out.


Once you start to communicate with applicants in the selection pipeline, what kinds of messages do you use? The evil Passive Voice type (“Your application has been received”) is a surefire talent barrier. Why not say “Wow! Thanks for applying for a job with us. Give us a few days to look at our openings and your background. We’ll be back in touch, either way!” Then, actually close the loop. None of this mealy-mouthed “If we want to call you, we will” stuff meets the Human Workplace test. You can do better than that.

INFLEXIBLE TIME OFF POLICIES

Once a new hire comes on board, he or she can only dive into the job whole-heartedly if the rest of his or her life is attended to. A client of ours took a job and quit on the first day, during orientation, when she asked the orientation leader “How would it work if I have a court case three weeks from today, a half hour away in the city? I only need to leave an hour early.”

The orientation chickadee said “There’s no provision for that. You have to come in. You don’t get time off benefits for sixty days.”

The new employee, sensing danger, said “No problem, I’ll talk to my manager about it” and the orientation gal said “I’ve already noted your name and the date. You must change your personal schedule that day.”

The newbie bailed, her hiring manager called her to say “But I would have figured it out for you!” and the ex-employee said “Culture is everything. I’m not taking a job with a manager whose response to Godzilla process is to sneak around it.” If you don’t find your voice in a case like that, when will you ever do it?


My science friends tell me that entropy is a feature of closed systems. When no new information comes in, things break down. So it is in corporations where there’s no upward feedback, such that executive leaders are spared the inconvenience of reacting to messy reality and permitted to bask in the awesomeness of their delusional plans undisturbed. If your employer doesn’t have robust, active, constant feedback mechanisms in place and an appetite for hearing about life on the street, you’re pushing away talent as we speak.


I was a corporate HR leader for decades. If you want to gauge an organization’s ability to snag and keep talent, look at its pay policies. When you knock the ball out of the park and your manager says “I’m really sorry, but I can only give you a two percent raise, because, you know, it’s our policy,” you’ve learned all you need to know about the importance of talent in your shop.

HEY, YOU STOLE MY IDEA

They say information is power. If people use information like a club to beat one another with, nothing good will happen for your clients or shareholders. If your organization is the kind where people keep quiet about their ideas to prevent them from being stolen, the universe wants you to hightail it out of there. If you’re in charge of a joint like that, you’ve got some trust-building work to do.


Some processes are good, but lots of them are cumbersome, slow and stupid. Check out our Nine Signs of a Bad Process wheel below to see what I’m talking about. If people who come to work ready to rock it are prevented from doing their work because some fear-based process is gumming up the works, I guarantee you’re losing talent. People might be sitting at their desks when you walk by, but their hearts and brains are elsewhere.

[Image: Nine Signs of a Bad Process wheel]

CONSTRUCTIVE SNIPING

Leaders who can coach and inspire employees are one in a million, and thank God for them! Leaders who pick and quibble and snipe are people who fear that a Mojofied team might threaten their own petty power. If your environment is a snipe-fest, good people won’t stay. How can you get anything important done in a place like that?

TRIUMPH OF THE BEST AND BROWN-NOSIEST

The last Talent Repellent on our list is a culture that rewards brown-nosing and punishes honest dissent. Most of us have seen organizations like this, where Yes Men and Women are exalted and passionate people asking tough questions are silenced. Life is too short to work in a place like that. The world is too big, there are too many meaty problems to solve, and too many brilliant people for you to collaborate with in trust-based, forward-looking organizations for you to waste another femtosecond among Godzilla’s handlers.

In your job search and on the job, only the people who get you deserve you. Your gut knows the difference. Can you listen to it?



Source: http://www.forbes.com/sites/lizryan/2014/02/01/ten-ways-companies-drive-away-talent/

Social media risk management for small business? February 5, 2014

Posted by Ishmael Chibvuri in Latest Articles!!!.

Garth Holloway

Last year I published an article on Governance and a number of people wrote to me, critiquing the article over its failure to adequately include risk as a separate item in the frameworks I was using. Their point was that while risk management is an integral and mandatory discipline for executive management and company directors, it is sufficiently important for it to be addressed as an item in its own right.

I agree with this point of view but am not convinced that risk management is something separate from the day to day running of the business. To be fair I don’t think the people critiquing my article intended that risk be separated from the business; rather their view was that it is a specific discipline and it requires special emphasis in the business. This is particularly true as the operational time horizon shifts from tactical to strategic for the…


7 Cybersecurity Risks for 2014 February 5, 2014

Posted by Ishmael Chibvuri in I.T Risk Management, Internal Audit, Risk Management.

With each new year comes a new round of cybersecurity risks.

To help businesses best prepare for the year ahead, risk mitigation and response solutions firm Kroll has identified seven trends that indicate a changing tide in cyber standards. These changes will require organizations to take stronger actions and safeguards to protect against reputational, financial and legal risks.

“Most organizations have invested in preventative security technologies, but remain unprepared to launch an effective response to a leak or intrusion,” said Tim Ryan, a Kroll managing director and Cyber Investigations practice leader. “Without the right tools and policies in place beforehand, they find themselves suddenly under intense pressure to investigate, track and analyze events.”

Kroll predicts that the new cybersecurity issues for 2014 will include:

National Institute of Standards and Technology (NIST) and similar security frameworks will become the de facto standards of best practices for all companies: Cybersecurity strategies largely designed for companies that were part of the “critical infrastructure” will become more of an expectation for everyone, from conducting an effective risk assessment to implementing sound cybersecurity practices and platforms. Organizations that don’t follow suit may find themselves subject to shareholder lawsuits, actions by regulators and other legal repercussions.

Alan Brill, senior managing director at Kroll, said this trend will move the United States in the direction of the EU, where there is a greater recognition of privacy as a right.

“As new laws evolve that reflect the NIST guidelines and look more like the EU privacy directive, some U.S. companies will find themselves ill-prepared to effectively respond to the regulations,” Brill said. “To minimize their risk, organizations will have to get smart on these standards and make strategic business decisions that give clients and customers confidence that their information is protected.”

The data supply chain will pose continuing challenges to even the most sophisticated enterprises: It is not unusual for companies to store or process the data they collect by using third parties. However, the security that these third parties use to safeguard their clients’ data is frequently not understood by businesses that hire them until there is a breach. Companies will need to vet their subcontractors closely and get specific as to the technical and legal roles and responsibilities of these subcontractors in the event of a breach.

“Companies should know who they are giving their data to and how it is being protected,” Ryan said. “This requires technical, procedural and legal reviews.”

The malicious insider remains a serious threat, but will become more visible: Whether it was Shakespeare’s Caesar or America’s Benedict Arnold, people have long known the pain of betrayal by those they trust. Information technology simply made the betrayer’s job easier. In 2014, a significant number — if not almost half — of data breaches will come at the hands of people on the inside. However, as the federal government and individual states add muscle to privacy breach notification laws and enforcement regimes, these hidden insider attacks will become more widely known.

Ryan said the insider threat, which often goes unreported, is insidious and complex.

“Thwarting it requires collaboration by general counsel, information security and human resources,” he said. “SEC breach disclosure of ‘material losses’ may be the model for rules requiring a company to be more transparent and answerable for allowing bad actors to go unpunished.”

Corporate board audit committees will take a greater interest in cybersecurity risks and the organization’s plans for addressing them: With more and more data breaches — from theft of trade secrets to loss of customer information — in the headlines, corporate audit committees are beginning to focus on the connection between cybersecurity and an organization’s financial well-being. As such, these committees will expand their attention beyond the financial audit process to also include the organization’s strategic plans for protecting non-public information. They will also look at risk-mitigation plans for responding to a possible breach.

“As corporate boards carry out their fiduciary responsibilities, they must also protect the company from possible shareholder lawsuits that allege the company’s cybersecurity wasn’t at a level that could be reasonably viewed to be ‘commercially reasonable’ and that incident response plans weren’t in place to mitigate the risk,” Brill said. “The challenge they face is determining what is a reasonable level of security and response, and who should make that call. Is it their IT team, an industry expert, an independent third party?”

Sophisticated tools will enable smart companies to quickly uncover data breach details and react faster: Company leaders realize that even the best firewalls and intrusion detection systems cannot stop all attacks. But technological progress that occurred over the last 12 months will enable companies to unravel events and see with near–real-time clarity what’s happened to their data and how much damage has been done.

Most organizations have invested in preventative security technologies, but remain unprepared to launch an effective response to a leak or intrusion, Ryan said. Without the right tools and policies in place beforehand, they find themselves suddenly under intense pressure to investigate, track and analyze events.

“We’ve seen a dramatic improvement in response technology over the last year,” Ryan said. “Companies have never had a better opportunity to enhance their existing protocols with a methodology that can mean an informed and timely response.”

New standards related to breach remediation are gaining traction and will have a greater impact on corporate data breach response: Credit monitoring will no longer be the gold standard in breach remediation in 2014, as lawmakers, consumer advocates and the public at large continue to raise questions about the relevancy and thoroughness of this as a stand-alone solution. These parties will demand a more effective alternative. While no legal guidelines currently exist for consumer remediation, the FTC and states like California and Illinois are already offering guidance that suggests a risk-based approach to consumer remediation will be the way of the future.

“That’s not to say that credit monitoring is useless, because it’s a valuable tool when it aligns with the type of data exposed,” Brill said. “Rather, companies will need to gain a better understanding of their actual breach risks, how the breach could actually affect their customers, and the best way to remedy those specific risks and provide better protection to the affected consumers.”

As cloud and BYOD adoption continues to accelerate, implementing policies and managing technologies will require greater accountability: The development and evolution of cloud services and BYOD have moved at a whirlwind pace, leaving IT departments scrambling to get out in front of the technologies and employee usage. In 2014, IT leaders will need to work closely with senior leadership and legal counsel to adapt corporate policies in a way that addresses changing legal risks, while effectively meeting the needs of the organization.

Brill said that up until now, cloud and BYOD adoption has been like the Wild West — uncharted, unregulated and facing few restrictions.

“While it’s implausible to anticipate every possible risk presented by the use of the cloud and BYOD, companies that have integrated these technologies into their corporate policies, IT security and risk-management plans will be much better prepared to fulfill their legal obligations,” Brill said. “Organizations must realize that even if they don’t want to deal with this, they’re not going to have much choice.”

Originally published on BusinessNewsDaily
